From: Andrea Arcangeli <aarcange@redhat.com>
To: David Woodhouse <dwmw2@infradead.org>
Cc: Peter Zijlstra <peterz@infradead.org>,
Dave Hansen <dave.hansen@intel.com>,
Thomas Gleixner <tglx@linutronix.de>,
LKML <linux-kernel@vger.kernel.org>,
Linus Torvalds <torvalds@linuxfoundation.org>,
x86@kernel.org, Borislav Petkov <bp@alien8.de>,
Tim Chen <tim.c.chen@linux.intel.com>,
Andi Kleen <ak@linux.intel.com>,
Greg KH <gregkh@linuxfoundation.org>,
Andy Lutomirski <luto@kernel.org>,
Arjan Van De Ven <arjan.van.de.ven@intel.com>
Subject: Re: [patch RFC 5/5] x86/speculation: Add basic speculation control code
Date: Wed, 10 Jan 2018 13:41:19 +0100 [thread overview]
Message-ID: <20180110124119.GG9706@redhat.com> (raw)
In-Reply-To: <1515587384.22302.132.camel@infradead.org>
On Wed, Jan 10, 2018 at 12:29:44PM +0000, David Woodhouse wrote:
> On Wed, 2018-01-10 at 13:17 +0100, Andrea Arcangeli wrote:
> > On Wed, Jan 10, 2018 at 12:09:34PM +0000, David Woodhouse wrote:
> > > That is not consistent with the documentation I've seen, which Intel
> > > have so far utterly failed to publish AFAICT.
> > >
> > > "a near indirect jump/call/return may be affected by code in a less privileged
> > > prediction mode that executed AFTER IBRS mode was last written with a value of 1"
> >
> > You must have misunderstood the context there, or the above text is
> > wrong to begin with.
>
> That's a quote from the Intel documentation for the IBRS feature.
> Go read it, please.
Perhaps the confusing come from "less privileged prediction mode" and
you thought that meant "less privileged ring mode". It says "predction
mode" not ring 3.
Frankly I found that documentation very confusing like the inversion
of IBRS enabled really meaning IBP speculation disabled like Ingo
pointed out.
It's clear all done in a rush but we've to live with it. After all the
electric current also really flows in the opposite direction of the
arrow..
> Andrea, what part of this whole fucking mess isn't entirely batshit
> insane to start with? :)
Absolutely :).
> I think you are confused with the future IBRS_ATT option which will
> exist on new hardware.
No, the only difference is that such option will perform best.
This is why the current default ibrs_enabled 1 ibpb_enabled 1.
That future CPUID bit will simply make the kernel boot by default with
ibrs_enabled 2 ibpb_enabled 1 and it'll perform best as it won't have
to write to SPEC_CTRL in kernel entry kernel exit vmenter/vmexit like
it commonly has to do with ibrs_enabled 1.
The only difference is that ibrs_enabled 2 will perform best, while
currently ibrs_enabled 1 performs best.
> Right now, IBRS works as I described it because that's the best they
> could do with microcode.
It works as I described but instead of arguing about specs above,
Intel should clarify that IBRS can already be set 100% of the time, be
left alone and set always, with all CPUs with SPEC_CTRL, and it's the
most secure mode available and matches the IBRS patchset with
ibrs_enabled 2.
Hope this helps clarify and of course this is so complex it's
perfectly normal to misunderstand something, but I'm confident it's
not me who misunderstood because if I did, the whole ibrs_enabled 2
that was just posted would make zero sense, that is for current CPUs
and it's the most secure option available (not less secure as you
seem to think).
Thanks,
Andrea
next prev parent reply other threads:[~2018-01-10 12:41 UTC|newest]
Thread overview: 64+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-10 1:06 [patch RFC 0/5] x86/spectre_v2: Initial integration of IBRS into the spectre_v2 mechanics Thomas Gleixner
2018-01-10 1:06 ` [patch RFC 1/5] x86/CPU: Sync CPU feature flags late Thomas Gleixner
2018-01-10 1:37 ` Dave Hansen
2018-01-10 1:39 ` Van De Ven, Arjan
2018-01-10 1:47 ` Thomas Gleixner
2018-01-10 2:57 ` Andy Lutomirski
2018-01-10 11:02 ` Thomas Gleixner
2018-01-10 1:44 ` Thomas Gleixner
2018-01-10 6:20 ` Ingo Molnar
2018-01-10 11:33 ` Borislav Petkov
2018-01-10 12:38 ` Thomas Gleixner
2018-01-10 1:06 ` [patch RFC 2/5] x86/spectre: Simplify spectre code a bit Thomas Gleixner
2018-01-10 6:22 ` Ingo Molnar
2018-01-10 1:06 ` [patch RFC 3/5] x86/spectre: Prepare for IBRS selection Thomas Gleixner
2018-01-10 1:51 ` Dave Hansen
2018-01-10 1:06 ` [patch RFC 4/5] x86/cpufeatures: Detect Speculation control feature Thomas Gleixner
2018-01-10 6:32 ` Ingo Molnar
2018-01-10 11:06 ` Thomas Gleixner
2018-01-10 1:06 ` [patch RFC 5/5] x86/speculation: Add basic speculation control code Thomas Gleixner
2018-01-10 2:02 ` Dave Hansen
2018-01-10 4:11 ` Justin Forbes
2018-01-10 9:22 ` Peter Zijlstra
2018-01-10 9:27 ` David Woodhouse
2018-01-10 10:03 ` Peter Zijlstra
2018-01-10 11:22 ` David Woodhouse
2018-01-10 11:41 ` Thomas Gleixner
2018-01-10 11:45 ` Peter Zijlstra
2018-01-10 11:54 ` Andrea Arcangeli
2018-01-10 11:58 ` David Woodhouse
2018-01-10 12:01 ` Andrea Arcangeli
2018-01-10 12:07 ` Andrea Arcangeli
2018-01-10 12:12 ` David Woodhouse
2018-01-10 12:20 ` Andrea Arcangeli
2018-01-10 12:27 ` Andrea Arcangeli
2018-01-10 13:42 ` Van De Ven, Arjan
2018-01-10 12:09 ` David Woodhouse
2018-01-10 12:17 ` Andrea Arcangeli
2018-01-10 12:29 ` David Woodhouse
2018-01-10 12:41 ` Andrea Arcangeli [this message]
2018-01-10 12:47 ` Jiri Kosina
2018-01-10 12:51 ` David Woodhouse
2018-01-10 13:02 ` Andrea Arcangeli
2018-01-10 13:05 ` Andrea Arcangeli
2018-01-10 13:10 ` Andrea Arcangeli
2018-01-10 13:12 ` Andrea Arcangeli
2018-01-10 12:57 ` Andrea Arcangeli
2018-01-10 13:07 ` David Woodhouse
2018-01-10 13:45 ` Van De Ven, Arjan
2018-01-10 13:52 ` Andrea Arcangeli
2018-01-10 13:53 ` Van De Ven, Arjan
2018-01-10 21:35 ` Tim Chen
2018-01-10 22:13 ` Andrea Arcangeli
2018-01-10 13:46 ` Thomas Gleixner
2018-01-10 13:51 ` Van De Ven, Arjan
2018-01-10 13:53 ` Thomas Gleixner
2018-01-10 13:58 ` David Woodhouse
2018-01-10 14:10 ` Andrea Arcangeli
2018-01-10 14:14 ` Van De Ven, Arjan
2018-01-10 14:59 ` Dave Hansen
2018-01-10 15:13 ` Andrea Arcangeli
2018-01-10 15:24 ` David Woodhouse
2018-01-10 15:47 ` Andrea Arcangeli
2018-01-10 15:56 ` David Woodhouse
2018-01-10 13:10 ` Jiri Kosina
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180110124119.GG9706@redhat.com \
--to=aarcange@redhat.com \
--cc=ak@linux.intel.com \
--cc=arjan.van.de.ven@intel.com \
--cc=bp@alien8.de \
--cc=dave.hansen@intel.com \
--cc=dwmw2@infradead.org \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@kernel.org \
--cc=peterz@infradead.org \
--cc=tglx@linutronix.de \
--cc=tim.c.chen@linux.intel.com \
--cc=torvalds@linuxfoundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox